How BIC is removing roadblocks for Black security pros

Cybersecurity pro Alana Scott was building her skills and her career in the conventional manner: by attending conferences and looking to network.

But she and several colleagues found that they experienced a “kind of awkwardness when we tried to find our place in that space.”

As she explains: “It was not an active, ‘What are you doing here?’ It was more like they just didn’t see you. It was more like no one was engaging with you. No one was saying, ‘How are you? Nice to see you.’”

Such experiences, Scott says, could—and, indeed have—discouraged people of color from taking part in industry meetings and professional associations, which in turn could impact career growth and future opportunities.

“It’s a definite roadblock,” she says.

Scott, however, wasn’t deterred. Instead, she was inspired to team up with newfound cybersecurity colleague Michaela Barnett, who in 2018 had launched a new group for Black cybersecurity workers.

Blacks in Cybersecurity

They, along with other early members, saw the group as an informal way to advance Black representation in the profession. “We noticed we had to get more people of color at these events,” Scott says.

The group quickly grew, with Barnett soon forming it into an official organization, Blacks in Cybersecurity (BIC), which now holds a full range of educational and networking initiatives.

“BIC is a community that turned itself into a group, then an organization, and then a conference,” says Barnett, BIC founder and CEO. “It’s a spinning wheel of resources.”

‘We want to get more Black people in cybersecurity’

True to its early objective, BIC coalesced around a straightforward and succinct mission: to encourage the participation of the Black community in cybersecurity.

Barnett, Scott, and others say BIC fills a need in a profession where representation continues to lag the general population and has been at times less-than-inviting to people of color.

Indeed, research confirms that Black people remain underrepresented in the cybersecurity profession. A 2018 report by Frost & Sullivan based on the (ISC)² Global Information Security Workforce Study finds that in the U.S. 13% of the country’s population is Black, but only 9% of the cybersecurity workforce is Black.

Figures from the U.S. Department of Labor Statistics paint an even starker picture, reporting that just 3% of infosec analysts in the United States are Black.

At the same time, Black cybersecurity professionals often encounter a negative work environment. The (ISC)² study reported that 32% of cybersecurity professionals of color said they had experienced discrimination in the workplace.

Barnett, who graduated from Delaware State University in 2017 with a bachelor’s degree in computer science, started BIC to help counteract the impact of the underrepresentation of Blacks in the profession.

Blacks in Cybersecurity

Like Scott, she had attended a cybersecurity conference early in her career—in fact, just months after her graduation— and found it difficult to connect with other attendees.

“It wasn’t that easy to talk with people who didn’t think you could understand [cybersecurity],” she remembers.

But she quickly met up with other Black cybersecurity professionals to attend conferences together and to discuss their experiences. The camaraderie inspired her to think bigger. She started arranging professional get-togethers in the Washington, D.C., area, often using the Meetup app to draw in new people.

Building the community

Interest and attendance for the get-togethers grew, Barnett says, and in 2018 she and several others organized a mini-conference that drew some 30 participants to a Maryland public library meeting room for discussions on various cybersecurity topics.

BIC built up its offerings from there, over the months and years, as more Black cybersecurity professionals joined the group. BIC added more events as well as red team and blue team development programs, mentorship programs, a cybersecurity literacy and development program, a speaker development program, and other initiatives aimed at helping members advance their cybersecurity skills and careers.

Garrison Best, who works as a cybersecurity consultant, started with BIC in its early days, back before it even had a name, when it was just a group connecting at area restaurants through Meetup.

Best, who describes himself as gregarious, says he was drawn to the group for its social aspects, the networking opportunities, and its professional focus. He says he also liked the fact that it was a community of Black cybersecurity professionals who could relate to each other’s shared experiences in the field.

Best notes that at the time he joined BIC he worked at company where he was one of only three people of color in a group of 40. He says BIC gives him and other members the opportunity to advance their own careers while encouraging others to enter the profession.

“Encouraging the participation of the Black community in cybersecurity, that’s our main goal. We want to get more Black people in cybersecurity,” he says. “We’ve had some pushback, [with some people saying] that this isn’t needed, that it could be counterintuitive, and that there were already professional cybersecurity groups. But it’s not that we’re trying to have a separate cybersecurity world; rather we’re trying to make Black people more involved in the profession and up the numbers. That’s why we’re here, to improve those [diversity] numbers.”

Professional and personal payoff

BIC member Christen Madison says he has finds value in being part of the community. Madison, who works in system infrastructure projects, says he is also a member of the National Society of Black Engineers and Blacks in Technology but likes that BIC focuses on cybersecurity, a focus that has allowed him to take part in activities that strengthen him professionally.

Blacks in Cybersecurity

“It’s a lot easier for me to find the training I need,” he says.

As such, Madison has participated in classes and red team exercises as well as forums. He points to one forum discussion, where another member sought input on how to limit risk by blocking administrative rights during nonbusiness hours while also allowing emergency administrator access if needed. Others gave their input, allowing the member to craft a policy that he then took back to his company.

Madison says the interaction helped not only that one member score a win at his company but helped everyone in the chat better understand the intersection of security, policy, risk, and execution. That then helped them all perform better in their jobs.

“You can talk about defense, threat vectors, policies, and procedures, you can talk about frameworks,” Madison says. “So now if my boss asks me something, I know exactly what to say to him because I’ve already had this conversation.”

Madison acknowledges that such interactions happen in other professional cybersecurity organizations, but he says BIC also allows him and other members to discuss issues related to being a person of color.

He recounts one incident where one of his staffers, who was Hispanic, was stopped by security. When Madison asked why, he was told that the worker “doesn’t look like he belongs here.”

Madison says he has had similar experiences, noting that someone once told him that “you don’t look like someone who would do this kind of work.”

Madison has weathered those interactions but says other workers may not be able to move past them and could ultimately, as a result, decide to leave a job or the profession.

BIC, he adds, can help prevent that.

“It helps when you see someone who looks like you, who has your background, and can ask them, ‘How did you respond to this?’ That helps.”

Current and future contributions

Under Barnett’s leadership, BIC has grown from those early days of informal meetings to a collection of conferences, courses, mentorship programs, a speaker series, study groups and summits as well as a signature capture the flag cybersecurity game. BIC leaders note that the range of initiatives are designed to appeal to and support individuals wherever they are in their cybersecurity career, even if they’re only interested in the field as a hobby.

BIC participants speak of the organization as a community and a family that’s focused on empowering Black professionals, raising awareness of opportunities in the cybersecurity profession, highlighting Black contributions to the field, and increasing the representation of Blacks in cybersecurity through education and support.

Best says those elements attracted him to the organization and has kept him interested. “I saw that I could be part of something that brings everyone together to learn and network. And I thought: If we do this in DC, what if we could do this on a bigger scale? That’s what made me stay involved and stay a part of it.”

BIC has had a village at DEF CON, the well-known hacker conference held annually in Las Vegas; it will have a village again at the 2022 conference this August.

It has an ambassador program that gives interested individuals contacts around the United States as well as in Canada, Europe, and Africa.

Corporate sponsors, along with partnerships and donations, help fund scholarships and vouchers that are awarded to individuals who need help covering costs of courses, certifications, and conference fees.

BIC does not charge membership fees or fees for its programs; its annual BIC WinterCon, held in February to coincide with Black History Month, is the only event for which the organization charges participants.

According to BIC leaders, the organization has about 5,000 members and program participants around the globe, with most based in the United States.

Barnett continues to serve as its CEO, a volunteer nonpaid post—as are all the positions within the BIC leadership team. Scott is director of operations, and Best is director of communications. They also hold full-time jobs in the cybersecurity field.